Fraud prevention and security

Fraud prevention and security

Fraud prevention and security

  • These days fraudsters are very active in the digital environment. They intentionally spread false information to get you to act in their desired way – share your data or transfer money.
     
  • Anyone can fall victim to fraud.
     
  • The only way to stop fraud is to know how to spot the scams.
     
  • Always check the information you receive and pay attention to what actions you approve with PIN codes.

What to do if you have or suspect that you have fallen victim to fraud

1. Contact us immediately and follow our instructions.

2. Stop all communication with Fraudsters.

3. Notify the police and submit a copy of the statement to us.

4. Provide us with all the necessary information (screen shots of correspondence received, documents based on which payments were made, etc.) together with description of all fraudulent transactions.

5. Before you resume using bank services, remove apps used in defrauding or other malicious content from your device (this may be, but not limited – any desk, team viewer, etc.)..

6. If you received a scam link, report the fake website to the Information Technology Security Incident Response Institution by sending an e-mail to cert@cert.lv.

How to protect yourself from fraud

Protect your data

  • Be critical of any communication where you are asked to disclose internet bank access details, card details, or verification codes received by SMS. 
  • Evaluate what information you share about yourself in public.
  • Enter PIN codes only when you have initiated the action yourself and make sure that the details shown in the authentication tool correspond to that action.
  • Pay attention to what codes you use to confirm your action.
PIN1 - is used for the authenticating yourself when getting access to:
- Online Services;
- Logging into Internet or Mobile Bank;
- Completing purchases on the internet with your card.
PIN2 – used for confirming transactions (authorizing bank transfers, signing documents, etc).

Check the information you receive

  • Check the sender’s e‑mail address - it can often look like a real company’s name with only minor differences.
  • Be cautious about unsolicited messages. Avoid clicking on unknown links and downloading and opening attachments.
  • Be careful if you are redirected to a page where you are asked to disclose your banking data or enter personal details. 
  • Fraudulent messages may contain grammatical mistakes.
  • Always ask for more information and do your own research before starting cooperation or making a payment to or a purchase from a new counterparty.
  • Search for possible negative feedback about a new counterparty.
  • Be alert to possible impersonations – always check received information against previously known or official / publicly available contacts.

Useful to know

  • If anything sounds too good to be true, it usually isn’t true.
  • Bank employees, police officers or other legitimate businesses do not ask you to disclose any passwords or PIN codes.
  • Latvian Information Technology Security Incident Response Institution (CERT) has created a firewall solution that you can add to your local network or device for free. This limits your access to potentially harmful pages. For more information see here.

Common fraud schemes

Phishing

What does it mean?

Phishing is a type of fraud where scammers, pretending to be service providers, use e-mail, SMS and social media messages, fake websites, and search engines to get your data. Their goal is that you click a link, which takes you to their fake site, and willingly enter your personal or bank details.

What to look out for?

  • You don’t use the service or don’t know the sender.
  • The message feels very “out of the blue.”
  • There are mistakes and inconsistencies in the brand name and design, message text, e-mail addresses, domain names, links.
  • A social media account was recently created and doesn’t have much content.
  • The message is short and basic, and its tone is off – you’re pushed, even threatened to act quickly, and do any of these:
    - Review suspicious logins or payments on your account.
    - Cancel an incorrect payment or confirm personal data.
    - Click a link or attachment and make a payment.
    - Claim a special offer, discount, or refund.
  • The link you’re directed to looks weird or the page address looks different from the one you clicked.
  • The website loads slowly.
  • Random pop-ups and banners appear on the website and buttons, menu items, etc. don’t work.

What’s an example?

Fraudsters create a website that looks, for example, like that of a major bank or the state tax office. Then, they send out e‑mails in the bank’s name, requesting the recipient to go on the website and enter their personal banking information (internet bank username and PIN codes) to perform the task stated in the e‑mail. Once the fraudsters get hold of this personal information, they try to access the victim’s bank account and steal money.

Vishing (fraudulent telephone calls)

What does it mean?

A fraudster calls you, pretending to be a bank employee, police officer or a representative of some other well-known company, and tells you that there has been a fraud risk identified which needs to be addressed urgently. During the phone call, the fraudster will try to get hold of your internet bank / card data.

What to look out for?

  • The call is from a disguised number (e.g., Luminor), a mobile app (e.g., WhatsApp) or from abroad.
  • Usually, the caller speaks a foreign language and refuses to switch to the local language. However, it is possible that the caller is fluent in your native language as well.
  • The caller is focused on the suspicious transactions and large sums but doesn’t answer questions about any details. It could be that you don’t even have an account in the said bank.
  • The call is rushed and stressful – even pushy or unpleasant.
  • The “employee” tells you to reveal personal data but is unable to explain why it’s needed.

What’s an example?

Jonas is contacted by someone who claims to be calling from their bank’s security department to inform them that there is a problem with the customer’s account. Or the customer is asked if they just made a payment. The caller then says that it is likely that the customer's account access has leaked, but the payment can be suspended if the customer gives the caller their details, including those of their bank card, and confirms the required actions using authentication tools. If the customer discloses their details and confirms the actions, the fraudsters will gain access to their funds.

Investment fraud

What does it mean?

The fraudster pretends to be an investment consultant/broker/analyst and uses the victim’s lack of knowledge in investing to gain trust and convince the victim to make an investment. The fraudster may contact you directly, promising easy money, or you may come across them via fake advertisements online.

What to look out for?

  • The “consultant’s” company website doesn’t work properly. There aren’t any reviews on the company or its team.
  • The consultant speaks a foreign language and refuses to switch to the local language. You’re asked to switch to another media platform.
  • You’re told to act now to gain maximum profit at minimum risk even if the investment requires taking out a loan.
  • The services are offered without a contract or without fulfilling other legal requirements for making investments.
  • The consultant asks you to install computer/smartphone/tablet software which allows your computer to be shared and controlled by the fraudster.
  • Payments are to be sent to different recipients, not to the actual investment platform The recipients are often private persons, not legal entities.
  • Fraudsters ask you to open accounts in different banks or with different payment service providers.
  • Investing may take place on platforms that are not officially registered to provide investment services in Latvia. You can check legitimate service providers here.

What’s an example?

Thomas is unexpectedly contacted by a man offering the services of a new investment platform where you can trade with anything and are guaranteed excellent returns. Thomas has always wanted to try out investing, and without thinking or doing any research about the platform he decides to set up an account on it and transfer funds there. At first, he sees his investments earning him a profit. Then he makes additional deposits, and the profits keep rising. At one point, he tries to withdraw some of the money that has accumulated in his account only to find that he can’t: the investment platform was a scam and there are no real funds behind the profits. Thomas lost his entire initial investment.

Romance fraud

What does it mean?

To steal money, fraudsters create a fake profile on a dating app or site or on social media and start a fake romantic relationship with their victim. Scammers might be eager to declare love, propose marriage, and set up in-person meetings, but none of these will ever take place. They’ll eventually ask for money to help them in different situations – to help a relative, pay fees for sending a parcel or send funds so that they can come and meet you.

What to look out for?

  • There is no information about the person available in public sources.
  • They immediately express their love for you.
  • The person seems flawless, especially in photographs.
  • The person is always on the move or far from you.
  • The fraudster tries to manipulate you emotionally so that you feel obliged to send the asked funds.
  • When requesting financial assistance or discussing investments, the payments will always have to be made to a relative, friend or business partner, because there are issues with the person’s own account.
  • You are insisted to share your personal data.

What’s an example?

Marie signed up for an online dating service and was contacted by Bob, who claimed to be an American officer stationed in Iraq. They seemed to get along well, messaged each other for quite some time and eventually began planning a road trip in Europe. Bob told Marie that he would transfer 5,000 euros to her to cover the trip costs. He e‑mailed her the transaction statement and told her that the money would reach her with a slight delay as his bank was processing transactions slowly. The next day, Bob suddenly asked Marie to transfer 4,000 euros back to him because he needed to loan it to a friend who was in dire need. Marie transferred the money to him while waiting for his payment to arrive, but it never did. Marie contacted her bank, and it turned out that Bob’s statement had been fake. On top of losing her money, Marie never heard from him again.

Payment diversion fraud

What does it mean?

Fraudsters create fake invoices or payment requests and forward them to organizations with the aim of defrauding them.

What to look out for?

  • You receive an invoice from a different address than usually.
  • An urgent payment is requested (missed the first payment deadline, discount is given for early payment, etc.).
  • A supplier requests to change their bank details/account with you.
  • There are typos in the e-mail address.
  • The supporting documents are invalid, copied or obviously altered.
  • The invoice amount is a round number or there are other unusual details on the invoice.
  • You receive multiple invoices with the same description of goods or services (same amount, invoice or purchase order number, date).
  • The information on the invoice does not match the contract terms, purchase order, receipt records, or inventory/usage records.

What’s an example?

A company received from their supplier a letter with an invoice. The letter said that they had to pay the invoice as soon as possible or their deal would be terminated. After making the payment, the company’s accountant noticed that the letter had been mailed from the same post office from which she had received the letter. She had made the payment to an account in another country, different from the supplier’s usual one. When the accountant contacted the supplier by phone, it turned out that the supplier’s e-mail had been hacked and the invoices had been forged.

Fake CEO fraud

What does it mean?

It is a type of spear phishing e-mail attack in which the attacker impersonates a CEO. The fake director contacts an employee who has access to the company’s accounts and asks them to urgently transfer money to an account number that is not normally used. The fraudsters know who to contact thanks to the employee’s digital footprint: they either call or send an e‑mail to the employee who has permission to perform transactions or access sensitive information.

What to look out for?

  • The spelling in the e-mail address has been changed.
  • An e-mail subject requesting immediate fund transfers.
  • Asking for money transfers to an account that's different from the ones normally used.

What’s an example?

An employee who takes care of a company’s payments receives an e‑mail from a fraudster impersonating their CEO. It is stated in the e-mail that an invoice issued by their partner company has not been paid and must be paid immediately. The e‑mail even includes an image of their CEO. It is known that the issuer of the bill is the company’s closest partner, so without giving it further thought, the employee pays the bill. Later, they find out that not only was the CEO on vacation that week, but also that the money went to fraudsters and there is no way of getting it back.

Promises of reward made by third parties

What does it mean?

This is a scheme in which a person is randomly contacted, generally by e‑mail and asked for help with transferring a sum of money. In return, the sender offers a part of the sum as a reward – usually a large amount, sometimes up to several million euros or dollars. The fraudsters ask the person to send them money to cover some of the initial costs in connection with the transfer. However, if the money is sent, the fraudsters will either disappear or ask for more money by claiming ongoing problems with the transfer.

What to look out for?

  • You receive a letter from a stranger who usually lives in a foreign country.
  • The e-mail contains grammatical mistakes.
  • You are asked to send money for an attractive reward.
  • There are various reasons given for why the transfer is needed; for example, accounts are frozen and initial funds are needed to access the money, or a large inheritance has been received but initial funds are required to access it.
  • If the offer sounds too good, it is probably a scam.

What’s an example?

Tina received a letter from an unknown person who introduced himself as a relative: “Hello dear! I am the son of your grandmother's sister's cousin's wife. Although we didn't communicate before, I am contacting you now because you are the last member of my family. I have a practical proposal to share a 10‑million‑dollar inheritance with me. To get 50% of it you only need to confirm your bank statements by sending me a small fee on 100 dollars to the following account…” After the initial transfer, she was asked to pay for insurance, a transfer fee, etc., until she ran out of funds..

Fake shop / purchase fraud

What does it mean?

Fraudsters pretend to be legitimate online sellers and use either a fake website or a fabricated ad on a genuine retailer’s site. Their goal is to get you to buy something without the intention of sending you the goods, or they might send a cheap replica. Individuals may also try to sell you something with this intention. They place ads, accept payment for goods and then disappear without delivering the goods.

What to look out for?

  • A product is advertised at a remarkably low price – seems too good to be true.
  • An online store is very new and sells products at very low prices.
  • You can’t find information about delivery options and policies on the site, or there is very limited information.
  • The retailer does not provide adequate information about privacy, terms and conditions of use, dispute resolution or contact details.
  • The seller accepts only a few and not very well-known payment methods.
  • Check whether a newly found online store has a refund or returns policy.

What’s an example?

Joe found a very good deal in a new online store. He paid for a product, waited for it to be shipped and the seller to send the tracking number. When he still had not received the item after a month, Joe contacted the store, but no one answered. After looking at reviews on the internet, Joe realized that not a single customer had ever received goods from this online store.

Loan fee fraud

What does it mean?

Scammers target people who are looking for a loan and make them a good offer. However, to get the loan, the consumer must pay an advance fee. The scammer then takes the fee, and the victim never receives the loan.

What to look out for?

  • You receive a loan offer by phone, e-mail, or social media message.
  • The lender guarantees that the loan will be approved.
  • An insurance, transfer, or other fee is requested to pay out the loan.
  • There is no information about the lender in a public source (no registration number, address, etc.), or the loan is offered by a private person.
  • The lender pressures you to act immediately.
  • The loan offer sounds too good to be true.
  • You can receive a big loan amount, the terms are flexible, the interest rate is low, and hardly any proof of income is required.

What’s an example?

John received a message with a loan offer from a new company. He was asked to pay a fee to have it transferred to a third-party account. After making the payment, he was asked to make an insurance payment, later a payment for the agreement. After several payments, John had suspicions about the company's activities and the requested payments. After checking information about the company in a public source, it became clear that there were many people who had made payments but never received the loan. John realized that he had fallen victim to fraud.